Re: [exim] Regex or sg how

Top Page
Delete this message
Reply to this message
Author: Craig Jackson
Date:  
To: exim-users
Subject: Re: [exim] Regex or sg how


> -----Original Message-----
> From: Phil Pennock [mailto:exim-users@spodhuis.org]
> Sent: Saturday, December 15, 2007 4:35 PM
> To: Craig Jackson
> Cc: exim-users@???
> Subject: Re: [exim] Regex or sg how
>
> On 2007-12-14 at 11:30 -0600, Craig Jackson wrote:
> > It wasn't permissions. It was a leading spaces issue that I
> couldn't
> > see in the log, but which closer scrutiny of binlog
> revealed. For some
> > reason Exim was passing data with leading spaces. Mysql trim()
> > fuunction fixed it. Whew.
>
> Following up because this indicates a conceptual problem in
> your Exim config.
>
> The extra whitespace was actually in what you posted to the
> list but I figured there was some kind of cut&paste error or
> mail-client snafu, especially since later in the same line
> there's an extra line-break which couldn't have been in the
> original config.
>
> You wrote:
> ----------------------------8< cut here
> >8------------------------------
> MACRO:
> CAPTURE_EHLO = CALL ehlo \
> ('${quote_mysql: ${lc:$sender_helo_name}}','${quote_mysql:
> ${lc:$sender_address_domain}}')
> ----------------------------8< cut here
> >8------------------------------
>
> You do indeed have an extra space in what you're asking to be
> quoted; everything between the colon (':') character and the
> closing brace ('}').
>
> ${quote_whatever:xyz} quotes xyz in its entirety, including spaces.
> This is deliberate, since xyz might be the result of a
> lookup, or part of an email address. Note that
> <""@???> is syntactically valid, as is <"
> "@example.org>, <" foo "@???> (which is not the same
> as <foo@???>), etc. So someone speaking SMTP to you
> can be supplying some quite unexpected data, which is why
> it's important to always quote correctly.
>
> Remove those spaces and you won't need the trim.
>
> -Phil




Thanks, Phil, for your patience with my crazy mystery problems. Your
suggestion worked.

I wanted to let you know that the system I set up using this stored
procedure also works very well at identifying spam. If the domain.tld we
have in the database for our whitelisted domains doesn't match in the
EHLO given by an email, then that email is flagged for spam -- basic
forge detection. Since so many domains are hosted, it is very hard for
spammers to know what the EHLO domain.tld should be. 90% of spammers
don't bother tailoring the EHLO to the envelope domain.

Any other suggestions welcome.

Craig